Opinion, Security, Technology

Open, native XDR: an end to complexity and the beginning of control

Vibin Shaju, General Manager – UAE, Trellix

In the United Arab Emirates (UAE), as in other nations, COVID lockdowns forced companies to react. And react they did, with an unprecedented migration to the cloud, to facilitate remote work. And every sign points to a future that will retain that model in some form.

A Ciena survey from June 2020 shows that UAE knowledge workers expected the flexibility of remote work to continue after the COVID crisis had passed. Some 79% predicted they would work remotely more often. More recent studies show this figure to be as high as 86%.

This hybrid-work future puts today’s CISO and their SecOps team in a bind. They have watched helplessly as necessary cloud migration forced them into complex forests of endpoints and unknowable domains. Employees routinely used personal devices to authenticate to corporate environments, and third-party networks frequently handled company data, some of it sensitive. And now security teams must face up to the fact that there is no going back to safer, more manageable infrastructures. Hybrid work is here to stay.

Threats on the rise

Amid a growing body of compliance requirements, which now includes the UAE’s own Personal Data Protection (PDP) law, security teams have had to shift their practices from EDR (endpoint detection and response) to XDR (extended detection and response). This pivot was not for nothing. The UAE and its neighbor, Saudi Arabia, faced an onslaught of cyber-incidents during the pandemic years. Threat actors took full advantage of the new working conditions and technology sprawl. They struck using more innovative methods and they struck more often. Now, a complex mix of technologies is required to support security operations, but this just adds to the complexity that enabled the threat escalation in the first place. And to make matters worse, ever-present cybersecurity skills gaps continue to widen.

Dialing down the noise

Trellix’s conversations with clients reveal an alarming number of security tools in place. For larger organizations, the average is more than 70 different security tools in use on any given day. This leads to false positives, unflagged threats, and a range of other errors that represent a clear and present danger to the enterprise. Running between screens trying to collate information as an attack is underway results in a suboptimal response.

Tool complexity without a unifying platform is the greatest enemy of any threat hunter. Complexity is managed best when open APIs allow security teams to access event data from external solutions and automatically correlate it with native sources. Even in the noisiest environments, specialist teams will be able to identify threats and respond quickly and effectively because they have a rich view of the environment. Open-architecture platforms have the added advantage of being inherently easy to integrate, which means they deliver quicker time to value.

This is why open, native XDR is so important. The flexibility and centrality of such a system allows teams to network the elements of their security ecosystem together and reduce complexity. Integration with as many solutions, from as many vendors as possible, is desirable. The platform should be capable of bringing all these sources together in a central pane and combining their telemetry with top-grade threat intelligence on common vectors such as endpoint, email, network, and cloud.

This open-architecture XDR does what XDR was meant to do — unite data from across the ecosystem and beyond to empower security analysts to become threat hunters. This greatly reduces the possibility of a false positive or of a missed threat. Alerts become more actionable because they do not need to be expertly sifted from a sea of others.
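The two preceding paragraphs describe the core of what an XDR platform does without showing the mechanics: pull events from several tools' native schemas, normalize them, join them on a shared entity within a time window, and enrich with threat intelligence so that a single tool's low-confidence alert becomes an actionable incident only when other sources agree. The following is an added illustration, not Trellix's code or API. Everything in it is constructed for the example: the three tools' event formats (an EDR, a mail gateway and a web proxy), the asset-to-owner mapping used to join host-keyed and user-keyed events, the indicator list, and the 30-minute window.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Any

# Constructed context for the example (hypothetical; not real IOCs or data).
BAD_HASH = "3f2a" * 16                      # placeholder 64-hex SHA-256
THREAT_INTEL = {"sha256": {BAD_HASH}, "domain": {"updates-cdn.example"}}
# Asset inventory: lets host-keyed events (EDR, proxy) join user-keyed ones (mail).
ASSET_OWNER = {"LT-0421": "alice", "WS-0099": "bob"}
WINDOW = timedelta(minutes=30)              # correlation window, an assumption


@dataclass
class Event:
    """Common schema every tool's event is normalized into."""
    ts: datetime
    source: str                                   # which tool produced it
    user: str                                     # principal the event is attributed to
    indicators: dict = field(default_factory=dict)  # indicator type -> value
    summary: str = ""


def normalize(raw: dict) -> Event:
    """Map each tool's native (constructed) schema onto Event."""
    tool = raw["tool"]
    if tool == "edr":
        return Event(datetime.fromisoformat(raw["timestamp"].replace("Z", "+00:00")),
                     "edr", raw["user"], {"sha256": raw["sha256"]},
                     f"{raw['process']} spawned {raw['child']} on {raw['hostname']}")
    if tool == "mailgw":
        return Event(datetime.fromisoformat(raw["time"].replace("Z", "+00:00")),
                     "mailgw", raw["rcpt"].split("@")[0], {"sha256": raw["attach_sha256"]},
                     f"attachment from {raw['from']} verdict={raw['verdict']}")
    if tool == "proxy":
        return Event(datetime.fromtimestamp(raw["ts"], tz=timezone.utc),
                     "proxy", ASSET_OWNER.get(raw["src_host"], "unknown"),
                     {"domain": raw["dst"]},
                     f"{raw['src_host']} -> {raw['dst']} ({raw['bytes_out']} bytes out)")
    raise ValueError(f"unknown tool {tool!r}")


def correlate(events: list) -> list:
    """Cluster each user's events within WINDOW; raise an incident only when
    two or more distinct tools implicate the same principal in one window."""
    incidents = []
    by_user: dict = {}
    for ev in events:
        by_user.setdefault(ev.user, []).append(ev)
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.ts)
        cluster: list = []
        for ev in evs + [None]:               # None sentinel flushes the last cluster
            if ev is not None and (not cluster or ev.ts - cluster[-1].ts <= WINDOW):
                cluster.append(ev)
                continue
            sources = {e.source for e in cluster}
            if len(sources) >= 2:
                hits = sorted({v for e in cluster for k, v in e.indicators.items()
                               if v in THREAT_INTEL.get(k, set())})
                incidents.append({
                    "user": user,
                    "sources": sorted(sources),
                    "intel_hits": hits,
                    "severity": "high" if hits else "medium",
                    "timeline": [f"{e.ts:%H:%M} {e.source}: {e.summary}" for e in cluster],
                })
            cluster = [ev] if ev is not None else []
    return incidents


# Constructed sample telemetry in three tools' native formats.
RAW_EVENTS = [
    {"tool": "mailgw", "time": "2023-05-02T09:02:30Z", "rcpt": "alice@corp.example",
     "from": "invoice@vendor-mail.example", "attach_sha256": BAD_HASH, "verdict": "clean"},
    {"tool": "edr", "timestamp": "2023-05-02T09:14:00Z", "hostname": "LT-0421",
     "user": "alice", "process": "winword.exe", "child": "powershell.exe", "sha256": BAD_HASH},
    {"tool": "proxy", "ts": 1683019320, "src_host": "LT-0421",      # 09:22:00Z
     "dst": "updates-cdn.example", "bytes_out": 51200},
    {"tool": "proxy", "ts": 1683019800, "src_host": "WS-0099",      # 09:30:00Z, benign
     "dst": "intranet.corp.example", "bytes_out": 2048},
]


def run(raw_events: list = RAW_EVENTS) -> list:
    return correlate([normalize(r) for r in raw_events])


if __name__ == "__main__":
    for inc in run():
        print(f"[{inc['severity']}] {inc['user']} across {', '.join(inc['sources'])}; "
              f"intel hits: {inc['intel_hits'] or 'none'}")
        for line in inc["timeline"]:
            print("   ", line)
```

Note what the correlation buys: the mail gateway marked the attachment clean, the EDR event on its own is a common Office-spawns-PowerShell alert, and the proxy line is one connection among thousands. None would be escalated alone; joined on the same user inside one window and matched against the indicator list, they become one high-severity incident, while bob's lone proxy event produces nothing. In production the normalizers would be fed by each vendor's API and the asset mapping by an identity or CMDB source; that plumbing is what "open APIs" in this context refers to.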

Fits like a glove

Open, native XDR makes even more sense to mid-size and smaller enterprises, which do not have the budget, time, or personnel to use many different security tools. They need to eliminate their complexity without a lengthy migration process. Open platforms grow with these companies, empowering them with composable security — a customized platform that becomes what they need.

When facing technology complexity, enterprises need visibility into every corner of the infrastructure. Overworked, under-resourced security teams need a respite from alert fatigue and confused scrambles to chase down threats. Security solutions should fit organizations like gloves, bending to their unique requirements. Open XDR platforms connect all current SOC tools through an open and extensible API framework. There is no better visibility than this — an end-to-end native footprint spanning endpoint, cloud, network, and data.

From this approach emerges a living security ecosystem of detection, mitigation, and response. Complexity has been neutralized by openness. This is the environment CISOs have been waiting for. This is an environment ready for the hybrid-work future. This is the future of cybersecurity.
